• Kees Cook's avatar
    mm: allow slab_nomerge to be set at build time · 7660a6fd
    Kees Cook authored
    Some hardened environments want to build kernels with slab_nomerge
    already set (so that they do not depend on remembering to set the kernel
    command line option).  This is desired to reduce the risk of kernel heap
    overflows being able to overwrite objects from merged caches and changes
    the requirements for cache layout control, increasing the difficulty of
    these attacks.  By keeping caches unmerged, these kinds of exploits can
    usually only damage objects in the same cache (though the risk to
    metadata exploitation is unchanged).
    Link: http://lkml.kernel.org/r/20170620230911.GA25238@beast
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    Cc: Daniel Micay <danielmicay@gmail.com>
    Cc: David Windsor <dave@nullcore.net>
    Cc: Eric Biggers <ebiggers3@gmail.com>
    Cc: Christoph Lameter <cl@linux.com>
    Cc: Jonathan Corbet <corbet@lwn.net>
    Cc: Daniel Micay <danielmicay@gmail.com>
    Cc: David Windsor <dave@nullcore.net>
    Cc: Eric Biggers <ebiggers3@gmail.com>
    Cc: Pekka Enberg <penberg@kernel.org>
    Cc: David Rientjes <rientjes@google.com>
    Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
    Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Ingo Molnar <mingo@kernel.org>
    Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
    Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
    Cc: Arnd Bergmann <arnd@arndb.de>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Nicolas Pitre <nicolas.pitre@linaro.org>
    Cc: Tejun Heo <tj@kernel.org>
    Cc: Daniel Mack <daniel@zonque.org>
    Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
    Cc: Helge Deller <deller@gmx.de>
    Cc: Rik van Riel <riel@redhat.com>
    Cc: Randy Dunlap <rdunlap@infradead.org>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>